Skip to main content
NetApp adopts Microsoft’s Business-to-Customer (B2C) Identity Management
Effective December 3 - NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources. For accounts that did not pre-register (prior to Dec 3) access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity. To learn more, Read the FAQ and Watch the video. Need assistance? Complete this form and select “Registration Issue” as the Feedback Category. 
NetApp Knowledge Base

Can I set UNIX style permissions from an NFS mount on an NTFS qtree?

  1. Last updated
  2. Save as PDF
Views:
2,174
Visibility:
Public
Votes:
4
Category:
data-ontap-8
Specialty:
nfs
Last Updated:

 

Applies to

  • ONTAP 9
  • Clustered Data ONTAP 8 
  • Data ONTAP 8.2 7-Mode  
  • Data ONTAP 8.1 7-Mode 
  • Data ONTAP 8 7-Mode 
  • Data ONTAP 7 and earlier 

Answer

  • UNIX clients mounting an NTFS-style qtree complain about being unable to set permissions.
  • NFS clients cannot set security in NTFS qtrees.
  • The error might show the user as "not owner" and a truss will show an EPERM error.
    For example:
    16439: open("test_f_open.txt", O_WRONLY|O_CREAT|O_EXCL, 0666) Err#1 EPERM
    16439: brk(0x00020BA8) = 0
    16439: brk(0x00022BA8) = 0
    failed to open test_f_open.txt in exclusive mode16439: write(2, " f a i l e d t o o p".., 48) = 48
    : 16439: write(2, " : ", 2) = 2
  • Swap file already exists!" errors occur when editing files with VIM or other UNIX applications on NTFS security style qtrees.
  • Vi, VIM, and other UNIX applications will create swap files. When the files are edited on the NTFS file system, the following error occurs:
    (1) Another program may be editing the same file.
    If this is the case, be careful not to end up with two different instances of the same file when making changes.
    Quit, or continue with caution.

    (2) An edit session for this file crashed.
    If this is the case, use ":recover" or "vim -r sgeweg"
    to recover the changes (see ":help recovery").
    If you did this already, delete the swap file ".sgeweg.swp" to avoid this message.
  • You cannot set UNIX style permissions in an NTFS qtree. UNIX files created in an NTFS qtree will inherit the parent folder's NTFS permissions. The"cifs.ntfs_ignore_unix_security_ops" option below does not allow you to set UNIX permissions on a qtree. However, because permissions are set, albeit NTFS permissions, Data ONTAP will suppress errors that indicate UNIX permissions were not set and allow UNIX applications to succeed.

Note: You can set ACLs from UNIX hosts using the smbcacls program that is part of the Samba distribution.

  • Beginning in Data ONTAP 6.2, to enable the hidden option "cifs.ntfs_ignore_unix_security_ops":
    filer>options cifs.ntfs_ignore_unix_security_ops on

For clustered Data ONTAP:
cluster::> vserver export-policy rule modify -ntfs-unix-security-ops ignore

NTFS security style:

All attempts to set UNIX security on an NTFS style qtree are denied.
NTFS qtrees are intended for use when NTFS-style access checking is always desired. If a file has an ACL it will be used for permission checking. When a qtree is set to the NTFS type, if no ACL exists there, a special ACL owned by BUILTINAdministrators is placed at the root of the tree. It grants FullControl to EVERYONE so you will probably want to change it. Any other ACLs may be set as needed by the system administrator. Any files created in the qtree root will inherit an ACL according to standard NTFS rules.

Additional Information

Related link:

BUG 57350